3726 matches found
WordPress IP Loc8 plugin <= 1.1 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by LVT-tholv2k (Patchstack Alliance) in WordPress Plugin IP Loc8 versions <= 1.1...
WordPress Talkback Plugin <= 1.0 is vulnerable to PHP Object Injection
Software: Talkback; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2024-48033; Patch priority: High; CVSS severity: High 9.8; PSID: 110f16d8c997; Credits: LVT-tholv2k; Required privilege: Unauthenticated...
WordPress IP Loc8 Plugin <= 1.1 is vulnerable to PHP Object Injection
Software: IP Loc8; Type: Plugin; Vulnerable versions: <= 1.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2024-48028; Patch priority: High; CVSS severity: High 9.8; PSID: 037f1dc8325d; Credits: LVT-tholv2k; Required privilege: Unauthenticated...
WordPress Rank Math SEO plugin <= 1.0.228 - Authenticated (Administrator+) PHP Object Injection vulnerability
Authenticated (Administrator+) PHP Object Injection vulnerability discovered by Leo in WordPress Plugin Rank Math SEO versions <= 1.0.228...
WordPress Rank Math SEO Plugin <= 1.0.228 is vulnerable to PHP Object Injection
Software: Rank Math SEO; Type: Plugin; Vulnerable versions: <= 1.0.228; Fixed in: 1.0.229; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-9314; Patch priority: Low; CVSS severity: Low 7.2; PSID: d4844a229841; Credits: Leo; Required privilege: Administrator...
CVE-2024-9314
The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.228 via deserialization of untrusted input 'set_redirections' function. This makes it possible for authenticated attackers, with...
CVE-2024-9314 Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.228 - Authenticated (Administrator+) PHP Object Injection
The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.228 via deserialization of untrusted input 'set_redirections' function. This makes it possible for authenticated attackers, with...
CVE-2024-9314
Rank Math SEO – AI Tools to Dominate SEO Rankings (WordPress) is affected by CVE-2024-9314: authenticated administrators can deserialise untrusted input via the set_redirections path, enabling PHP Object Injection in versions up to and including 1.0.228. The vulnerability description notes that n...
WordPress plugin Rank Math SEO code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
CVE-2024-7434
The UltraPress theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.1 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is...
CVE-2024-7433
The Empowerment theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.2 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is...
CVE-2024-7432
The Unseen Blog theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is...
CVE-2024-7434
The UltraPress theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.2 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is...
CVE-2024-7434 UltraPress <= 1.2.2 - Authenticated (Contributor+) PHP Object Injection
The UltraPress theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.2 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is...
CVE-2024-7434
CVE-2024-7434 concerns the UltraPress WordPress theme (versions
CVE-2024-7433 Empowerment <= 1.0.2 - Authenticated (Contributor+) PHP Object Injection
The Empowerment theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.2 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is...